Vulnerabilities > CVE-2007-1070 - Stack Buffer Overflow vulnerability in Trend Micro Serverprotect 5.58/5.61/5.62

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
microsoft
trend-micro
critical
nessus
exploit available
metasploit

Summary

Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll.

Exploit-Db

  • descriptionTrend Micro ServerProtect 5.58 Buffer Overflow. CVE-2007-1070. Remote exploit for windows platform
    idEDB-ID:16827
    last seen2016-02-02
    modified2010-04-30
    published2010-04-30
    reportermetasploit
    sourcehttps://www.exploit-db.com/download/16827/
    titleTrend Micro ServerProtect 5.58 - Buffer Overflow
  • descriptionTrend Micro ServerProtect eng50.dll Remote Stack Overflow Exploit. CVE-2007-1070. Remote exploit for windows platform
    idEDB-ID:4367
    last seen2016-01-31
    modified2007-09-06
    published2007-09-06
    reporterdevcode
    sourcehttps://www.exploit-db.com/download/4367/
    titleTrend Micro ServerProtect eng50.dll - Remote Stack Overflow Exploit

Metasploit

descriptionThis module exploits a buffer overflow in Trend Micro ServerProtect 5.58 Build 1060. By sending a specially crafted RPC request, an attacker could overflow the buffer and execute arbitrary code.
idMSF:EXPLOIT/WINDOWS/ANTIVIRUS/TRENDMICRO_SERVERPROTECT
last seen2020-01-13
modified2017-07-24
published2007-05-01
referenceshttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1070
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/antivirus/trendmicro_serverprotect.rb
titleTrend Micro ServerProtect 5.58 Buffer Overflow

Nessus

NASL familyGain a shell remotely
NASL idTRENDMICRO_SERVERPROTECT_MULTIPLE.NASL
descriptionThe remote version of Trend Micro ServerProtect is vulnerable to multiple stack overflows in the RPC interface. By sending specially crafted requests to the remote host, an attacker may be able to exploit stack based overflows and execute arbitrary code on the remote host.
last seen2020-06-01
modified2020-06-02
plugin id24680
published2007-02-21
reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/24680
titleTrend Micro ServerProtect TmRpcSrv.dll RPC Request Multiple Overflows

Packetstorm

Saint

  • bid22639
    descriptionTrend Micro ServerProtect CMON_ActiveUpdate buffer overflow
    idmisc_av_trendmicro_sprotectcmon
    osvdb33042
    titleserverprotect_cmon_activeupdate
    typeremote
  • bid22639
    descriptionTrend Micro ServerProtect CMON_NetTestConnection buffer overflow
    idmisc_av_trendmicro_sprotectcmon
    osvdb33042
    titleserverprotect_cmon_nettestconnection
    typeremote
  • bid22639
    descriptionTrend Micro ServerProtect ENG_SetRealTimeScanConfigInfo buffer overflow
    idmisc_av_trendmicro_sprotectcmon
    osvdb33042
    titleserverprotect_eng_setrealtime
    typeremote
  • bid22639
    descriptionTrend Micro ServerProtect ENG_SendEMail buffer overflow
    idmisc_av_trendmicro_sprotectcmon
    osvdb33042
    titleserverprotect_eng_sendemail
    typeremote

Seebug

  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:7233
    last seen2017-11-19
    modified2007-09-07
    published2007-09-07
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-7233
    titleTrend Micro ServerProtect eng50.dll Remote Stack Overflow Exploit
  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:64874
    last seen2017-11-19
    modified2014-07-01
    published2014-07-01
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-64874
    titleTrend Micro ServerProtect eng50.dll - Remote Stack Overflow Exploit
  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:7230
    last seen2017-11-19
    modified2007-09-06
    published2007-09-06
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-7230
    titleTrend Micro ServerProtect eng50.dll Stack Overflow Exploit